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METHOD FOR KEY MANAGEMENT OF POINT-TO-POINT 

COMMUNICATIONS 

Related Inventions 

5 

The present invention is related to the following invention which 
is assigned to the assignee of the present invention. Method and 
Apparatus for Efficient Real-Time Authentication and Encryption in a 
Communication System by Brown et al. having U.S. Serial No. 
10 08/084,644, and filed on June 28, 1993. 

Field of the Invention 

The present invention relates to cornmunication systems and, 
1 5 m«re particularly, to encryption key management of point-to-point 
communications. 

Background of the Invention 

20 Many communications systems currently use encryption to 

enhance security of the systems. These communication systems 
include cellular radio telephone communication system, personal 
communication systems, paging systems, as well as wireline and 
wireless data networks. By way of example a cellular communication 

25 system will be described below; however. It will be appreciated by those 
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skilled in the art that the encryption techniques described can be readily 
extended to other cdmmunication systems without departing from the 
scope and spirit of the present invention. Turning now to cellular 
communication systems, these systems typically include subscriber 
units (such as rhobile or portable units) which communicate with a fixed 
network communication unit via radio frequency (RF) communication 
links. A typical cellular communication system includes at least one 
base station (i.e., communication unit) and a switching center (i.e., an 
infrastructure communication center). Present cellular communication 
systems are designed to encrypt communications on an RF link between 
a subscriber unit and a base station unit through the use of an 
encryption key known to both units so that others who intercept the RF 
link communication link will be unable to listen to the communication 
(e.g., unable to eavesdrop on a voice conversation). 

One such RF link encryption technique is described in the United 
States Digital Cellular (USDC) standard (known as IS-54 and IS-55) 
and published by the Electronic Industries Association (EIA), 2001 Eye 
Street, N.W., Washington, D.C. 20006. The USDC system encryption 
technique utilizes a series of specialized messages which must be 
passed between the subscriber unit and a base site communication unit 
before a session encryption key is known to both units. This encryption 
key is based upon shared secret data (SSD) in USDC system, f^or an 
authentication process an SSDa key is used. Similarly, for a voice 
privacy function an SSDb key is used. For the voice privacy function, 
the initial transmitted subscriber message contains an authentication 
response, but no other data is encrypted. The command to begin an 
encryption process is sent from the service provider (i.e.. base site 
communication unit) to the subscriber after the subscriber has been 
assigned a traffic channel. Further, current system architecture design is 
focused on bringing encryption to data as well as voice. Data consists 
of either synchronous or packet data. Ideally, an encryption key should 
be provided for each data communication session. In a synchronous 
data environment, a session key is an encryption key which is used for 
the duration of a single (e.g., circuit switched) data communication (i.e., 
"call"). Similarly in a data packet environment, a session key is an 
encryption key which is used from the time that the communication unit 
registers with a serving system until the next time that the 
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communication unit re-registers. In addition, in a previously-cited 
related invention entitled "Method and Apparatus for Efficient Real-Time 
Authentication and Encryption in a Communication System" by Brown et 
al. having U.S. Serial No. 08/084,644. and filed on June 28, 1993, 
another encryption key is proposed for USDC system which is termed 
an SSDc key and which is used for data packet encryption. In these 
communication systems, packetized data also needs. to be encrypted. 
Packetized data adds an additional problem to the typical encryption 
process. This Is because packets of data may arrive at different times at 
a subscriber unit of a communication unit (i.e., packet messages are 
"connectionless"). These packets need to be reassembled and 
decrypted in the same order In which they were encrypted. In addition, 
an encryption key can only be negotiated when a subscriber perfomis a 
registration. Therefore, a need exists for an encryption technique which 
can alleviate these problems associated with packetized data. 

However, these previously known encryption techniques do not 
address ail of the possible eavesdropping vulnerabilities inherent in a 
communication channel. Eavesdropping may still occur at other points 
in the communication channel between the subscriber unit and an 
endpoint target communication device such as through wiretapping of a 
land-line phone. Such a communication between a subscriber unit and 
an endpoint target communication device is termed a "point-to-point- 
communication. The communication may travel along several different 
physical communication links before being ultimately coupled via a 
communication link between the subscriber and target devices. For 
example in the cellular environment, a user of a subscriber unit may 
place a voice call to a target communication device located at a place of 
business. In order for that call to be completed, a communication 
channel must be set up on an RF link to a base site communication unit. 
In addition, the communication channel must be extended through the 
public switched telephone network (PSTN) to the place of business. 
This place of business may have a private telephone networt< connected 
to the PSTN. As a result, the communication channel may also need to 
be extended through the private networtt to ultimately connect with the 
target communication device. Currently, encryption techniques are only 
being applied to individual components of the entire communication 
channel (e.g., the RF link in USDC system may be encrypted). 



PCT/DS94/09519 



-4- 

However. this leaves other components such as the PSTN or private 
network vulnerable to eavesdropping through wiretapping. Therefore, a 
need also exists for an encryption technique which can alleviate these 
problems associated with eavesdropping at other points of the 
communication channel. 

Summary of the Invention 

These needs and others are substantially met through provision 
of a method of secure key distribution in a communication system 
having a plurality of subscriber units and an infrastructure 
communication center. A first subscriber unit sends a request to the 
infrastructure communication center for a secure communication link 
with a second subscriber unit. This request includes an encrypted 
session encryption key which was encrypted with a first subscriber ' 
registration key. The infrastructure communication center decrypts the 
encrypted session encryption key with the first subscriber registration 
key. Subsequently, the infrastructure communication center re-encrypts 
the session encryption key with a second subscriber registration key. 
This re-encrypted session encryption key is sent to the second 
subscriber unit. In an alternative method, the first subscriber unit and 
the infrastructure communication center a priori know a session key. 
Therefore, the Infrastructure communication center only needs to 
encrypt and send the session encryption key to the second subscriber 
unit, in response to a request by the first subscriber unit. 

' Brief Description of the Drawings 

FIG. 1 is a block diagram showing a preferred embodiment 
communication system having a first and a second subscriber unit as 
well as an infrastructure connecting the subscriber units in accordance 
with the present invention. 

FIG. 2 is a flow chart of a preferred embodiment encryption 
method used by the first and the second subscriber unit over the 
infrastructure as shown in FIG. 1 in accordance with the present 
invention. 
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FIG. 3 is a flow chart of an alternative preferred embodiment 
encryption method used by the first and the second subscriber unit over 
the infrastructure as shown in FIG. 1 in accordance with the present 
invention. 

Detailed Description 

FIG. 1 generally depicts a first 100 and a second 102 subscriber 
communication unit (e.g.. a radiotelephone) as well as an infrastructure 
such as an infrastructure communication center or switch 104 and first 
106 and second 108 cellular radio base sites. In the following example 
the subscriber units 100 and 102 are serviced by the same 
infrastructure switch 104. The first subscriber unit 100 forms a 
communication channel with the first base site 106 by an RF link 110. 
Similarly, the second subscriber unit 102 forms a communication ' 
channel to the second base site 108 by an RF link 112. In addition, the 
first base site 106 and the second base site 108 form communication 
channels to the infrastructure switch 104 by wirelines 114 and 116. 
respectively. 

However, it will be appreciated by those skilled in the art that 
multiple switches (e.g., a cellular switch, a local PSTN switch, and/or a 
long distance carrier switch) could be used to connect the two 
subscriber units. In addition, the two subscriber units may be a part of 
two differeht cellular systems or one connected to a wireline and one a 
part of a cellular system. Further, the subscriber units could be 
communicating data rather than voice over a communication channel 
such as through an Advanced Radio Data Information Service (i.e., 
ARDIS® a joint venture between Motorola, Inc. and IBM) on a personal 
communication system (PCS) which is connected to the PSTN through 
a Mobile Network Integration (MNI) protocol without departing from the 
scope and spirit of the present invention. 

Refening now to FIG. 2. a flow chart of a prefen-ed embodiment 
"point-to-point" encryption scheme used by the first 100 and the second 
102 subscriber unit over the infrastructure 104, 106. and 108 is 
shown. One of the most important elements of this prefen-ed 
embodiment encryption scheme is the encryption key management in a 
"point-to-point" communication system. As is described in USDC 



wo 95/09498 



PCT/US94/09519 



-6- 

system. each subscriber unit establishes a series of RF linl< encryption 
keys (e.g., SSDa and SSDb keys) upon registration with a cellular 
infrastructure network. These encryption keys, which are known to the 
subscriber unit and the cellular infrastnjcture network, are also known 
5 as registration keys. In addition as proposed by Brown et a!., another 
encryption key, termed an SSDc key. may be generated by each 
subscriber unit for use in data encryption. This SSDc may also 
generate a session encryption key (SEK) which is valid for use during 
only one synchronous data communication session or one packet data 

10 registration session. The session encryption key (SEK) may be used to 
encrypt a "point-to-point" communication between the first 100 and the 
second 102 subscriber units such that the communication may even be 
encrypted as it passes through the infrastructure switch 104. 

The overall security of a communication channel between the first 

1^5 100 and the second 102 subscriber units depends upon the secure 
passing of a session key to both subscriber units. Flowchart elements 
200 through 218 outline a preferred embodiment technique for 
securely passing these session encryption keys. A first subscriber unit 
100 makes 202 a request to the infrastmcture communication center 

20 104 for a secure communication link with a second subscriber unit 102 
via the RF link 110, first base site 106 and wireline 114. This request 
preferably includes a session encryption key (SEK) which has been 
encrypted with a first subscriber registration key (SSDic)- The 
infrastructure communication center 104 decrypts 204 the encrypted 

25 session encryption key (SEK) with the first subscriber registration key 
(SSDic). Subsequently, the infrastructure communication center re- 
encrypts 206 the session encryption key (SEK) with a second 
subscriber registration key (SSD2c). At this point the infrastructure 
communication center 104 no longer needs the decrypted session 

30 encryption key and may optionally delete 208 the session key from an 
infrastructure memory device which temporarily stored the session key. 
This deleting of the decrypted session key may enhance the overall 
security of the communication system by eliminating the possibility that 
someone could get unauthorized access to the session keys by tapping 

35 into the infrastructure communication center 104 storage memory. The 
infrastmcture communication center 104 then sends 210 the encrypted 
session encryption key (SEK) to the second subscriber unit 102 via 
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Wireline 116, second base site 108 and RF link 112 The second 

^EK) w,th the second subscriber registration key (SSD2o) Rnallv a 
T^ssage enc^ted by the session encryption key SEKWs 
communicated 214 between the first subscriber unit 100 and the 
second subscriber unit 102 transparently (i.e., without the decryption by 
the .rifrastn^cture) through the in.rasta.Cure communication cente m 
Th,s message may be decrypted by either subscriber unit 100 or 102 
witn the session encryption key (SEK). 

This method of session key (SEK). management also works for 
broadcast messaging systems wherein the encrypted session key (SEK) 

such th. !r ' ''"^'"^^ °* '^'^^^^^^ -its 102 

such t^^^^ broadcast messages may be encrypted by the session key 

«n«h.oH o.?k°"L^" conference communication link may be 

enabled 216 by the infrastructure communication center 104 throuch 

knoJ T TT' ™' °^ communication link is also 

known as a fracfonal-duplex mode of encrypted speech for conference 

Key (SEK) to the other parties in the conference call. Then once the 
session key (SEK) is established, a conversation can proceed whereby 
each talker can speak individually to all of the others. A smooth 
conversation flow requires that either an agreement exist between all 
participants concerning the order of the talkers (which is common on 
amateur radio nets), or that an automatic speech detector select the 
taJker and route the "talkers" enco^pted speech to the other subscriber 
units. Automatic speech detection and directional routing are common 
m speakerphone devices for conversations between two endpoints- 
however, through sophisticated automatic routers at infrastructure ' 
communication centers 1 04 it is possible to handle three or more 
endpoints at a time. One method for enabling automatic routing by the 
infrastructure communication center 104 involves decrypting ' 
subsequent communications from all of the subscriber units in the 
conference communication link with the decrypted session encryption 
key (SEK) which was previously stored in the memory of the 
infrastructure communication center 104. Another method for enabling 
automatic routing by the infrastructure communication center 104 
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involves participating subscriber units 100 and 102 providing 
communication activity information to the infrastructure communication 
center 104. 

Referring now to FIG. 3, a flow chart of an alternative prefen-ed 
5 embodiment "point-to-point" encryption scheme used by the first 100 
and the second 102 subscriber unit over the infrastructure 104, 106, 
and 108 is shown. Flowchart elements 300 through 318 outline the 
alternative preferred embodiment technique for securely passing these 
session encryption keys. In this alternative preferred embodiment, the 
10 first subscriber unit 100 and the infrastmcture communication center 
104 a priori know (i.e., have previously determined) the value of the 
session key (SEK) through the subscriber unit registration process or 
some other way. Therefore, the first subscriber unit 100 makes 302 a 
request, without including the session encryption key (SEK), to the 

15 infrastructure communication center 104 for a secure communication 
link with a second subscriber unit 102 via the RF link 110. first base site 
106 and wireline 114. Subsequently, the infrastructure communication 
center encrypts 306 the session encryption key (SEK) with a second 
subscriber registration key (SSD2c). At this point the infrastmcture 

20 communication center 104 no longer needs the decrypted session 

encryption key and may optionally delete 308 the session key from an 
infrastructure memory device which temporarily stored the session key. 
The infrastructure communication center 104 then sends 310 the 
encrypted session encryption key (SEK) to the second subscriber unit 

25 102 via wireline 116, second base site 108 and RF link 112. The 
second subscriber unit 102 decrypts 312 the encrypted session 
encryption key (SEK) with the second subscriber registration key 
(SSD2c). Finally, a message encrypted by the session encryption key 
(SEK) is communicated 314 between the first subscriber unit 100 and 

30 the second subscriber unit 102 transparently (i.e., without the 
decryption by the infrastructure) through the infrastructure 
communication center 104. This message may be decrypted by either 
subscriber unit 100 or 102 with the session encryption key (SEK). It 
will be appreciated by those skilled in the art that an encrypted 

35 conference communication link may be enabled 3,16 for this alternative 
prefen*ed embodiment encryption scheme in a manner similar to the one 
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previously described in reference ,o the preferred embodiment 
encryption scheme Shown in FIG. 2. 

Although the Invention has been described and illustrated with a 
certarn degree of particularity, it is understood that the present 
5 disclosure of embodiments has been made by way of example only and 
«^a numerous changes In the an-angement and combination of parts as 
well as steps may be resorted to by those skilled in the art without 
departing from the spirit and scope of the invention as claimed For 
example, the communication channel could alternatively be an 
1 0 electronic data bus. wireline, optical fiber link, satellite link, or any other 
type of communication channel. 
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Claims 

What is claimed is: 

1 . A method of secure key distribution in a communication system 
having a plurality of subscriber units and an infrastructure 
communication center, comprising: 

(a) requesting, by a first subscriber unit to the infrastnjcture 
communication center, a secure communication link with a 
second subscriber unit, the request including an encrypted 
session encryption key, the session encryption key being 
encrypted with a first subscriber registration key; 

(b) decrypting, by the infrastructure communication center, the 
encrypted session encryption key with the first subscriber 
registration key; 

, (c) re-encrypting, by the infrastructure communication center, 
the session encryption key with a second subscriber 
registration key; and 
(d) sending the encrypted session encryption key to the 
second subscriber unit. 

2. The method of claim 1 further comprising the step of 
communicating a message encrypted by the session encryption 
key frorh the first subscriber unit to the second subscriber unit 
transparently through the infrastructure communication center. 

3. The method of claim 1 further comprising the step of decrypting, 
by the second subscriber unit, the encrypted session encryption 
key with the second subscriber registration key. 

4. The method of claim 1 wherein the sending step comprises 
sending the encrypted session encryption key to a plurality of 
second subscriber units. 

5. The method of claim 1 further comprising the step of deleting, by 
the infrastructure communication center, the decrypted session 
encryption key from a memory device. 
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The method of claim 1 further comprising the step of enabling an 
encrypted conference communication. link, by the infrastmcture 
communication center, through decrypting subsequent 
communications from subscriber units with the decrypted session 
encryption key. 

The method of claim 1 further comprising the step of enabling an 
encrypted conference communication link, by participating 
subscriber units, through providing communication activity 
information to the infrastmcture communication center. 

The method of claim 1 wherein in the step of requesting, the first 
subscriber unit and the infrastructure communication center know 
a priori the session encryption key. 
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